Slashdot Mirror


Facebook Launches Bug Bounty Program To Report Data Thieves (cnet.com)

Facebook on Tuesday launched a data abuse bug bounty program, just hours ahead of CEO Mark Zuckerberg's testimony to the Senate judiciary and commerce committees in Washington, DC. The bug bounty program is asking for people to report any apps that abuse data on Facebook, and it offers a reward based on how severe the abuse is. From a report: "While there is no maximum, high impact bug reports have garnered as much as $40,000 for people who bring them to our attention," Collin Greene, Facebook's head of product security, said in a post. The new program comes almost a month after the New York Times and the UK's Observer and Guardian papers revealed that Cambridge Analytica, a voter profiling firm, took advantage of a Facebook app to siphon off personal information on 87 million people. The scandal has fanned the flames of a backlash against Facebook by lawmakers and users.

66 comments

  1. Better idea by 110010001000 · · Score: 4, Insightful

    Here is a better idea: do it yourself. You know, actually monitor your website and stuff. It is a radical idea.

    1. Re:Better idea by Anonymous Coward · · Score: 0

      Here is a better idea: do it yourself. You know, actually monitor your website and stuff. It is a radical idea.

      Then you can't charge money for access to something and pretend you know nothing about it.

      What? You expect Fuckerberg to care about things like the feelings of his product?

    2. Re:Better idea by Anonymous Coward · · Score: 0

      Just like we expect the Republican adults in Congress to investigate a very-well-known criminal enterprise replete with bullshit ponzi-style "university" no less....

    3. Re:Better idea by Anonymous Coward · · Score: 0

      Facebook has 2 billion folks that walk in, leave personal information all over the place, and then walk away without cleaning up after themselves.

      Is Facebook really supposed to place all this in the lost and found and wait for the rightful owner to show up and claim it?

    4. Re:Better idea by Anonymous Coward · · Score: 1

      Just like we expect the Republican adults in Congress to investigate a very-well-known criminal enterprise replete with bullshit ponzi-style "university" no less....

      Oh, grow up, sprout a brain, and fucking drop it already.

      The biggest, most corrupt crook in the last election was the one who fucking lost.

    5. Re:Better idea by Anonymous Coward · · Score: 0

      Maybe, but Donald Trump won't go to prison for anything HRC did. He'll go for things he did, and lied about, and tried to obstruct investigations into. Deal with it snowflake.

      You seem to think this is still about Clinton for whatever fantasy that serves in you. Life in prison will give Trumpies plenty of time to think it over.

    6. Re: Better idea by Anonymous Coward · · Score: 0

      Why isn't Killary in prison then?

    7. Re: Better idea by Anonymous Coward · · Score: 0

      Why do you need to change the subject from corrupt treasonous POTUS to corrupt election loser without power? Donald Trump is committing crimes ONGOING. You investigated Benghazi and got nothing from it. Pity, sure.

      But one does not excuse the other. HRC's email scandal does not compare to Donald's actual treason. Sorry.

    8. Re: Better idea by Anonymous Coward · · Score: 0

      They can't. This is a case of the thief yelling "catch the thief" at the crowd to misdirect them. Facebook should not be allowed to exist with regulation.

    9. Re:Better idea by skovnymfe · · Score: 1

      But having an operations team costs money. It's so much easier to just hire more developers who have no clue about operations. DevOps!

  2. Obama campaign? Redirect to /dev/null by Anonymous Coward · · Score: 1

    Where was all this outrage four years ago?

  3. bullshit by Anonymous Coward · · Score: 0

    Appearance of concern for sheeple - how adorable.

    1. Re: bullshit by Anonymous Coward · · Score: 0

      Yep, pure PR. Pretend that it's a bug to be fixed rather than how their core business is run. Ain't nothin' gonna change on FB unless someone, e.g. the government, forces them and all other antisocial media services to.

  4. Re:DUMP TRUMP by Anonymous Coward · · Score: 0

    Time will take care of that one way or another, darling.

  5. Question: by Anonymous Coward · · Score: 0

    How do I report Facebook?

  6. Obligatory Pogo by Stormwatch · · Score: 1

    "We have met the enemy and he is us." - Walt Kelly

  7. Report Der Zuck by Oswald+McWeany · · Score: 4, Funny

    Facebook Launches Bug Bounty Program To Report Data Thieves (cnet.com)

    Hello, I would like to report Mark Zuckerburg please!

    --
    "That's the way to do it" - Punch
    1. Re:Report Der Zuck by Rosco+P.+Coltrane · · Score: 3, Insightful

      You can't report Zuck: he ain't a thieve, he's a con artist: he managed to convince his users that giving away their data is a negligible price to pay in exchange for a great service. People are slowly discovering it's the other way around, but it's too late now.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re:Report Der Zuck by Errol+backfiring · · Score: 1

      If he would only gather your personal information from your account on facepalm, you were right. If he collects data about me from other facepalm accounts, web beacons and other software or services that turn out to be facepalm-owned, then he is a thief.

      --
      Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    3. Re:Report Der Zuck by Rosco+P.+Coltrane · · Score: 1

      I doubt it. I bet you anything that deep down in the TOS that all Facebook users have agreed to - after reading it carefully from beginning to end, no doubt - there is a provision saying the users let FB use and abuse their data any which way it wants.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    4. Re:Report Der Zuck by Anonymous Coward · · Score: 1

      well put.

      if that information you're giving to him is so innocuous how come he's worth *billions* from selling it?

  8. Re:DUMP TRUMP by DigiShaman · · Score: 1

    Nah. The Russians will probably nuke it.

    I know, I know! You're so very conflicted over the outcome.

    --
    Life is not for the lazy.
  9. Dear Product^h^h^h^h^h^h^hCustomers by nospam007 · · Score: 1

    We have so much data about you, your kids, your family, your friends, your vices, your drugs, your vacations and we leak them like a sieve.

    Please tell us who captures your data, so that we can send them a bill.

    Thanks a lot suckers^h^h^h^h^h^h^h

    1. Re:Dear Product^h^h^h^h^h^h^hCustomers by Anonymous Coward · · Score: 0

      You don't even need to make up his words, you can just use his own.

      Zuck: Yeah so if you ever need info about anyone at Harvard
      Zuck: Just ask
      Zuck: I have over 4,000 emails, pictures, addresses, SNS
      [Redacted Friend's Name]: What? How'd you manage that one?
      Zuck: People just submitted it.
      Zuck: I don't know why.
      Zuck: They "trust me"
      Zuck: Dumb fucks

  10. Re:Obama campaign? Redirect to /dev/null by jellomizer · · Score: 1

    There is a difference between using data that was openly available with links to apps that were open about what they were doing with your data to see that you may fit the demographic that would vote for Obama, and have ads that pop up and say go out and vote for me, vs. having apps to trick you into figuring out what political persuasion you are and give you a custom message showing how evil the opposition is, not just the official running, but how all of their supporters are sub-human monsters. Scheduling rallies for the rightest of the right, and protests for the leftest of the left in the same location just to spur up anger and perhaps get some violence.

    Facebook is still selling your personal data. The problem was the wrong people got a hold of it.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  11. Re:DUMP TRUMP by Anonymous Coward · · Score: 0

    Get this moron who keeps posting this shit expelled from the USA.

  12. lol sure by o_ferguson · · Score: 4, Interesting

    I reported a bug under their last bounty program and they said "while this is a bug, and we will fix it, it's not a 'security bug' so we won't be paying you for reporting it." I hope they die in a fire.

    --
    - In Soviet Korea, only old people loose all their bases to Natalie Portman's petrified hot grits overlords.
    1. Re:lol sure by Anonymous Coward · · Score: 0

      I reported a bug under their last bounty program and they said "while this is a bug, and we will fix it, it's not a 'security bug' so we won't be paying you for reporting it." I hope they die in a fire.

      What a mean thing to say to a fire.

      What did fire ever do to you?

    2. Re:lol sure by HornWumpus · · Score: 1

      He's nothing but a low-down, double-dealing, backstabbing, larcenous perverted worm! Hanging's too good for him. Burning's too good for him! He should be torn into little bitsy pieces and buried alive!

      Hanover Fiste

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    3. Re:lol sure by TwoUtes · · Score: 1

      Awesome Heavy Metal reference!

    4. Re:lol sure by Anonymous Coward · · Score: 0

      What did fire ever do to you?

      Burned him. Burned him real bad.

    5. Re:lol sure by stephanruby · · Score: 1

      Do you think it was a security-related bug?

    6. Re:lol sure by o_ferguson · · Score: 1

      Other than the fact that all bugs are security bugs, yes: it allowed you to post content direct to other users' walls, who were not your friends but in the same group as you, and to do so with no attribution, so the other users could see that you posted it to their wall, but not why you had access to their wall. It was a way to clearly violate their user compartmentalization organization, but they argued that since users had joined groups willingly, their rights hadn't been violated and so it wasn't really "security" related. But they still fixed it right away.

      --
      - In Soviet Korea, only old people loose all their bases to Natalie Portman's petrified hot grits overlords.
    7. Re:lol sure by ViXiV · · Score: 1

      Did this EXACT same shit to me for a CSRF bug where I was able to wipe and brick certain residential routers over their messaging system. They said it needed to be fixed in all the routers in the entire world by the manufacturers instead of incorporating appropriate CSRF filters in messages..... LMFAO, do not trust any bounty program from FB for any reason whatsoever!

    8. Re:lol sure by o_ferguson · · Score: 1

      lawsuit time

      --
      - In Soviet Korea, only old people loose all their bases to Natalie Portman's petrified hot grits overlords.
    9. Re:lol sure by ViXiV · · Score: 1

      Apparently they are notorious for worming out of paying for legitimate bug bounty reports. They will refuse to pay you if at all possible and they have gotten really good at scamming security researchers and hackers into free work. IMO a lawsuit would be frivolous as they would likely spend more on their attorneys than paying the actual bounty just to make an example of the researcher and deter others from following suit. Stop reporting bugs to FB and just sell them for what they're actually worth instead of working for nothing.

    10. Re:lol sure by o_ferguson · · Score: 1

      So we should kill them?

      --
      - In Soviet Korea, only old people loose all their bases to Natalie Portman's petrified hot grits overlords.
  13. Tangent by Anonymous Coward · · Score: 0

    Why do so many postings and articles use such an awkward opening? It's all over the place: "[person/company] on [day/date] [did something]".

    Facebook on Tuesday launched...

    It seems to me that would be much more readable as

    On Tuesday, Facebook launched...

    If writers are hell-bent on keeping the awkward approach, punctuate it better.

    Facebook, on Tuesday, launched...

    It's still awkward, but at least it better captures what's being attempted.

    Every time I see it, I wince inside.

    End tangent.

    1. Re:Tangent by Anonymous Coward · · Score: 0

      Kevin on Tuesday ate a cookie.
      On Tuesday, Kevin ate a cookie.
      Kevin ate a cookie on Tuesday.
      Kevin, on Tuesday, ate a cookie.

      One of these things is just horribly wrong. A second involves a verbal arm-twist.

  14. Re:Obama campaign? Redirect to /dev/null by Anonymous Coward · · Score: 0

    Excuse me? Faceplant? THEY ARE the data thieves!

  15. Re:DUMP TRUMP by Anonymous Coward · · Score: 2, Informative

    Moron? Is he dumber than you?
    Can you do what he did then?
    Left rage never stops being amusing because you could not give a fuck about what Obama and Hillary did because identity politics is noble.
    Obama was worse than Bush and did a lot more damage and all you fucks care about is he wasn't white so he gets a pass.

  16. Needs more commas by WillAffleckUW · · Score: 1

    40,000?

    Look, FB, you're facing probable fines with four commas in the US and similar ones in the EU.

    Try adding more commas. I'd go for at least two.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:Needs more commas by Anonymous Coward · · Score: 0

      Agreed. Not worth my time and effort.

  17. Re:DUMP TRUMP by Anonymous Coward · · Score: 0

    The Russians don't need to nuke what they can buy with blackmail. Trump's ass is for sale to the highest bidder. We know that about him. Who thinks prison is going to change that anyway? Nobody.

  18. Hello Facebook? by forkfail · · Score: 2

    Yes, I'd like to report Facebook, Inc. It seems that they have provided APIs through which they sell private data to anyone with a bank account and a keyboard.

    Where can I pick up my check?

    --
    Check your premises.
  19. Facebook Launches Confession ... by CaptainDork · · Score: 1

    ... That They Won't Own Up To A Fucking Thing.

    discuss

    --
    It little behooves the best of us to comment on the rest of us.
  20. Proper vs Improper Abuse by Tominva1045 · · Score: 2

    So improper abuse is when you skim data off Facebook and market to those people elsewhere. Proper abuse is when you do a Google search on a product and two minutes later it's in your Facebook feed. Got it-

    --
    Cogito Ergo Sum
    1. Re:Proper vs Improper Abuse by Anonymous Coward · · Score: 0

      Actually, pretty sure it was improper because FB weren't paid enough for the data gathered. If they had been paid, it would have been ok.

    2. Re:Proper vs Improper Abuse by bobbied · · Score: 1

      Actually, pretty sure it was improper because FB weren't paid enough for the data gathered. If they had been paid, it would have been ok.

      The Obama campaign in 2012 didn't pay a cent to Facebook. Download their app and you got your friends' information sucked into the DNC's database. https://www.nationalreview.com...

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    3. Re:Proper vs Improper Abuse by Anonymous Coward · · Score: 0

      The 'whataboutism' is strong with this one. What's more amusing is watching him wander everywhere FB gets mentioned for his shot at posting this.

    4. Re: Proper vs Improper Abuse by Anonymous Coward · · Score: 0

      I'll leave this here. From your link.

      The only material difference between the Obama campaign's approach, which was celebrated as groundbreaking at the time, and the Cambridge Analytica breach is that those who downloaded the Obama 2012 app knew they were compromising their friends' data and they didn't believe, as the Cambridge Analytica respondents did, that their data was being collected for purely academic purposes.

      So, the Obama campaign was truthful about what their intentions were, while Trump's team acted maliciously and hid their intentions.

      And, big difference. But keep trying to blame Obama for Trump's misdoings.

  21. Re:Obama campaign? Redirect to /dev/null by Anonymous Coward · · Score: 0

    "It's okay as long as I agree with whose agenda is being pushed"

    Captcha: dignity

  22. Re:Obama campaign? Redirect to /dev/null by gnick · · Score: 1

    I posted this in another thread the other day. Some similarities & differences between what the Obama campaign did and what Cambridge Analytica did.

    The Obama campaign and Cambridge Analytica both gained access to huge amounts of information about Facebook users and their friends, and in neither case did the friends of app users consent.

    But in Obama's case, direct users knew they were handing over their data to a political campaign. In the Cambridge Analytica case, users only knew they were taking a personality quiz for academic purposes.

    The Obama campaign used the data to have their supporters contact their most persuadable friends. Cambridge Analytica targeted users and their friends directly with digital ads.

    --
    He's getting rather old, but he's a good mouse.
  23. FB by Anonymous Coward · · Score: 0

    Hey FB, Facebook is abusing data.
    Can I have my $40k now?

  24. Re:Obama campaign? Redirect to /dev/null by Anonymous Coward · · Score: 0

    There is a difference between...say go out and vote for me...and give you a custom message showing how evil opposition is

    Bullshit.

    Democrats used the data to attack the evil opposition by urging support for MoveOn.org, Occupy Wall Street, Black Lives Matter, Women's March on Washington, etc. And do you really think those protests at Tea Party rallies and Trump campaign stops were spontaneous? All of those were funded and managed by Democrats as attack vectors, and you can be sure they got plenty of help from Facebook.

  25. Re:DUMP TRUMP by Mark+Zuckberg · · Score: 0

    Donald TRUMP is a RUSSIAN
    Donald trum * s a russian
    Donald tru* x * a Russian
    Donald tr* KGB *a RUSSIAN
    Dona **** USSR! **** SIAN
    Donald * KGB spy * ussian
    Donald* xx ** KGB * ssian
    Donal* ** mp is ** ussian
    Don ** TRUMP IS a ** sian
    Donald Trump Is a RUSSIAN

  26. Re:Obama campaign? Redirect to /dev/null by jellomizer · · Score: 1

    Not the agenda. The Tea Party also used social media to push their agenda and brought a lot of Republicans into Congress to follow their ideals.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  27. iotw... by Anonymous Coward · · Score: 0

    Please notify the FBI via Faceberg that you have computer skills enough to find bugs in apps.

    GJ moles.

  28. Re:Obama campaign? Redirect to /dev/null by jellomizer · · Score: 1

    Greetings comrade. How is the weather in Russia?

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  29. Re: DUMP TRUMP by Anonymous Coward · · Score: 0

    What do Obama and Hillary have to do with this? Every time trump does something bad stop screaming Obama or Hilary. They aren't the presidents. He is. Suck it up cupcake.

  30. Re:Obama campaign? Redirect to /dev/null by ckatko · · Score: 1

    Seriously. It's hilarious to watch the mental gymnastics of Google's CEO openly touting that he's DIRECTLY working with a presidential candidate to "use our data" to help the candidate.

      - Facebook sold some ads. Who the fuck reads Facebook ads?
      - Google literally used their entire platform (read: tracking your information) + "muh algorithms" to assist a candidate.

    And IN RETURN, the CEO got, and I quote, "a virtual open door to access the White House at will"

    https://www.googletransparency...

    https://theintercept.com/2016/...

    https://mashable.com/2009/04/2...

    https://www.wired.com/2008/11/...

    https://www.politico.com/story...

    https://www.theguardian.com/te...

    "Eric Schmidt, 'CEO of America' "

    And these are LIBERAL WEBSITES running these articles. So you can't even play the whole "alt-right / foxnews / fakenews / Russia-wrote-it" Red Herring bullshit.

    Of course, I don't know why we're restricting to Obama either. Under Hillary, they did the same thing (for likely the same quid-pro-quo arrangement):

    https://www.washingtonpost.com...

    http://www.googletransparencyp...

    https://qz.com/823922/eric-sch...

    https://www.politico.com/magaz...

    https://qz.com/520652/groundwo...

    So with literally DOZENS upon dozens of professional articles dedicated to the subject from dozens of separate news organizations, anyone who ignores this well-established fact is throwing their head in the sand and humming, and not worthy of a debate response and should be downvoted accordingly for low signal-to-noise ratio.

      -> Google did everything Facebook did, and far more.

  31. "Thieves" is the operative word... by SeaFox · · Score: 1

    They want to make sure the only people taking data are the ones paying for it.

  32. How about this one? by argStyopa · · Score: 1

    "Bug: your business model is based on selling data gathered without permission from users; effectively, this is like the Mafia asking people to help guard their loot. I can't imagine the cognitive dissonance needed to sustain that sort of hypocrisy, so it must be a bug?"

    Do you think they'd pay me?

    --
    -Styopa
  33. No value by Anonymous Coward · · Score: 0

    How do you find bugs, when you can run the apps on your computer? Facebook runs them on their server, and you don't get access to that.

  34. Facebook Bug Bounties have Stolen Millions by ViXiV · · Score: 1

    Another Bug Bounty system from Facebook? Except they have been stealing from security researchers since the first bounty program was started by finding loopholes allowing them to not pay those bounties. They neglected to pay at least 2 legitimate bounties for bugs provided by myself, stating that the bugs needed to be fixed in every router in the entire world instead of providing filters for it in their own messaging system, which they eventually enabled without the bounty being issued. So essentially, they can make up a reason to not pay you and then fix it in the background and most people are none the wiser.